SMBleedingGhost Writeup Part II: Unauthenticated Memory Read – Preparing the Ground for an RCE

Read the original article: SMBleedingGhost Writeup Part II: Unauthenticated Memory Read – Preparing the Ground for an RCE



Introduction

In our previous blog post, we demonstrated how the SMBGhost bug (CVE-2020-0796) can be exploited for local privilege escalation. A brief reminder: CVE-2020-0796, also known as “SMBGhost”, is a bug in the compression mechanism of SMBv3.1.1. The bug affects Windows 10 versions 1903 and 1909, and it was announced and patched by Microsoft about 3 months ago. In the previous blog post we mentioned that although the Microsoft Security Advisory describes the bug as a Remote Code Execution (RCE) vulnerability, there is no public POC that demonstrates RCE through this bug.

Continue reading SMBleedingGhost Writeup Part II: Unauthenticated Memory Read – Preparing the Ground for an RCE at ZecOps Blog.

